Add NTDS object sid to x509 ASN

2023-04-19 12:58:57 +00:00 · 2023-04-19 12:58:57 +00:00 · e4496554fd
parent a11ade20b2
commit e4496554fd
3 changed files with 117 additions and 7 deletions
--- a/epan/dissectors/asn1/x509ce/CertificateExtensions.asn
+++ b/epan/dissectors/asn1/x509ce/CertificateExtensions.asn
@ -3,7 +3,7 @@ CertificateExtensions {joint-iso-itu-t ds(5) module(1)
  certificateExtensions(26) 5} DEFINITIONS IMPLICIT TAGS ::=
 BEGIN

-- EXPORTS ALL 
+-- EXPORTS ALL
 IMPORTS
  id-at, id-ce, id-mr, informationFramework, authenticationFramework,
    selectedAttributeTypes, upperBounds
@ -24,7 +24,7 @@ IMPORTS

 -- Unless explicitly noted otherwise, there is no significance to the ordering
 -- of components of a SEQUENCE OF construct in this Specification.
-- public-key certificate and CRL extensions 
+-- public-key certificate and CRL extensions
 authorityKeyIdentifier EXTENSION ::= {
  SYNTAX         AuthorityKeyIdentifier
  IDENTIFIED BY  id-ce-authorityKeyIdentifier
@ -471,7 +471,7 @@ inhibitAnyPolicy EXTENSION ::= {
  IDENTIFIED BY  id-ce-inhibitAnyPolicy
 }

-- PKI matching rules 
+-- PKI matching rules
 certificateExactMatch MATCHING-RULE ::= {
  SYNTAX  CertificateExactAssertion
  ID      id-mr-certificateExactMatch
@ -617,7 +617,7 @@ AltName ::= SEQUENCE {
  altNameValue  GeneralName OPTIONAL
 }

-- Object identifier assignments 
+-- Object identifier assignments
 id-ce-subjectDirectoryAttributes OBJECT IDENTIFIER ::=
  {id-ce 9}

@ -687,7 +687,7 @@ id-ce-expiredCertsOnCRL OBJECT IDENTIFIER ::= {id-ce 60}

 id-ce-aAissuingDistributionPoint OBJECT IDENTIFIER ::= {id-ce 63}

-- matching rule OIDs 
+-- matching rule OIDs
 id-mr-certificateExactMatch OBJECT IDENTIFIER ::=
  {id-mr 34}

@ -709,9 +709,10 @@ id-mr-pkiPathMatch OBJECT IDENTIFIER ::= {id-mr 62}

 id-mr-enhancedCertificateMatch OBJECT IDENTIFIER ::= {id-mr 65}

+
 -- The following OBJECT IDENTIFIERS are not used by this Specification:
 -- {id-ce 2}, {id-ce 3}, {id-ce 4}, {id-ce 5}, {id-ce 6}, {id-ce 7},
-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13}, 
+-- {id-ce 8}, {id-ce 10}, {id-ce 11}, {id-ce 12}, {id-ce 13},
 -- {id-ce 22}, {id-ce 25}, {id-ce 26}

 -- Microsoft Certificate Extension
@ -722,6 +723,18 @@ CertificateTemplate ::= SEQUENCE {
  templateMinorVersion INTEGER OPTIONAL
 }

+-- Microsoft NTDS CA Security Extension
+NtdsCaSecurity ::= SEQUENCE {
+  ntdsObjectSid NtdsObjectSid
+}
+
+NtdsObjectSid ::= [0] SEQUENCE {
+  type-id OBJECT IDENTIFIER,
+  sid [0] PrintableString
+}
+
+
+
 -- Entrust Certificate Extension

 EntrustVersionInfo ::= SEQUENCE {
@ -730,7 +743,7 @@ EntrustVersionInfo ::= SEQUENCE {
 }

 EntrustInfoFlags ::=  BIT STRING {
-  keyUpdateAllowed(0), 
+  keyUpdateAllowed(0),
  newExtensions(1),
  pKIXCertificate(2),
  enterpriseCategory(3),
--- a/epan/dissectors/asn1/x509ce/x509ce.cnf
+++ b/epan/dissectors/asn1/x509ce/x509ce.cnf
@ -146,6 +146,8 @@ EnhancedCertificateAssertion  B "2.5.13.65" "id-mr-enhancedCertificateMatch"
 # Microsoft extensions
 CertificateTemplate       B "1.3.6.1.4.1.311.21.7"  "id-ms-certificate-template"
 CertificatePoliciesSyntax B "1.3.6.1.4.1.311.21.10" "id-ms-application-certificate-policies"
+NtdsCaSecurity            B "1.3.6.1.4.1.311.25.2" "id-ms-ntds-ca-security"
+NtdsObjectSid             B "1.3.6.1.4.1.311.25.2.1" "id-ms-ntds-object-sid"

 # Entrust extensions
 EntrustVersionInfo        B "1.2.840.113533.7.65.0" "id-ce-entrustVersionInfo"
--- a/epan/dissectors/packet-x509ce.c
+++ b/epan/dissectors/packet-x509ce.c
@ -77,6 +77,8 @@ static int hf_x509ce_CertificateListAssertion_PDU = -1;  /* CertificateListAsser
 static int hf_x509ce_PkiPathMatchSyntax_PDU = -1;  /* PkiPathMatchSyntax */
 static int hf_x509ce_EnhancedCertificateAssertion_PDU = -1;  /* EnhancedCertificateAssertion */
 static int hf_x509ce_CertificateTemplate_PDU = -1;  /* CertificateTemplate */
+static int hf_x509ce_NtdsCaSecurity_PDU = -1;     /* NtdsCaSecurity */
+static int hf_x509ce_NtdsObjectSid_PDU = -1;      /* NtdsObjectSid */
 static int hf_x509ce_EntrustVersionInfo_PDU = -1;  /* EntrustVersionInfo */
 static int hf_x509ce_ScramblerCapabilities_PDU = -1;  /* ScramblerCapabilities */
 static int hf_x509ce_CiplusInfo_PDU = -1;         /* CiplusInfo */
@ -206,6 +208,9 @@ static int hf_x509ce_altNameValue = -1;           /* GeneralName */
 static int hf_x509ce_templateID = -1;             /* OBJECT_IDENTIFIER */
 static int hf_x509ce_templateMajorVersion = -1;   /* INTEGER */
 static int hf_x509ce_templateMinorVersion = -1;   /* INTEGER */
+static int hf_x509ce_ntdsObjectSid = -1;          /* NtdsObjectSid */
+static int hf_x509ce_type_id_01 = -1;             /* OBJECT_IDENTIFIER */
+static int hf_x509ce_sid = -1;                    /* PrintableString */
 static int hf_x509ce_entrustVers = -1;            /* GeneralString */
 static int hf_x509ce_entrustVersInfoFlags = -1;   /* EntrustInfoFlags */
 static int hf_x509ce_capability = -1;             /* INTEGER_0_MAX */
@ -297,6 +302,8 @@ static gint ett_x509ce_PkiPathMatchSyntax = -1;
 static gint ett_x509ce_EnhancedCertificateAssertion = -1;
 static gint ett_x509ce_AltName = -1;
 static gint ett_x509ce_CertificateTemplate = -1;
+static gint ett_x509ce_NtdsCaSecurity = -1;
+static gint ett_x509ce_NtdsObjectSid_U = -1;
 static gint ett_x509ce_EntrustVersionInfo = -1;
 static gint ett_x509ce_EntrustInfoFlags = -1;
 static gint ett_x509ce_ScramblerCapabilities = -1;
@ -1553,6 +1560,56 @@ dissect_x509ce_CertificateTemplate(gboolean implicit_tag _U_, tvbuff_t *tvb _U_,



+static int
+dissect_x509ce_PrintableString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_PrintableString,
+                                            actx, tree, tvb, offset, hf_index,
+                                            NULL);
+
+  return offset;
+}
+
+
+static const ber_sequence_t NtdsObjectSid_U_sequence[] = {
+  { &hf_x509ce_type_id_01   , BER_CLASS_UNI, BER_UNI_TAG_OID, BER_FLAGS_NOOWNTAG, dissect_x509ce_OBJECT_IDENTIFIER },
+  { &hf_x509ce_sid          , BER_CLASS_CON, 0, BER_FLAGS_IMPLTAG, dissect_x509ce_PrintableString },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_NtdsObjectSid_U(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   NtdsObjectSid_U_sequence, hf_index, ett_x509ce_NtdsObjectSid_U);
+
+  return offset;
+}
+
+
+
+static int
+dissect_x509ce_NtdsObjectSid(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_tagged_type(implicit_tag, actx, tree, tvb, offset,
+                                      hf_index, BER_CLASS_CON, 0, TRUE, dissect_x509ce_NtdsObjectSid_U);
+
+  return offset;
+}
+
+
+static const ber_sequence_t NtdsCaSecurity_sequence[] = {
+  { &hf_x509ce_ntdsObjectSid, BER_CLASS_CON, 0, BER_FLAGS_NOOWNTAG, dissect_x509ce_NtdsObjectSid },
+  { NULL, 0, 0, 0, NULL }
+};
+
+static int
+dissect_x509ce_NtdsCaSecurity(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
+  offset = dissect_ber_sequence(implicit_tag, actx, tree, tvb, offset,
+                                   NtdsCaSecurity_sequence, hf_index, ett_x509ce_NtdsCaSecurity);
+
+  return offset;
+}
+
+
+
 static int
 dissect_x509ce_GeneralString(gboolean implicit_tag _U_, tvbuff_t *tvb _U_, int offset _U_, asn1_ctx_t *actx _U_, proto_tree *tree _U_, int hf_index _U_) {
  offset = dissect_ber_restricted_string(implicit_tag, BER_UNI_TAG_GeneralString,
@ -1887,6 +1944,20 @@ static int dissect_CertificateTemplate_PDU(tvbuff_t *tvb _U_, packet_info *pinfo
  offset = dissect_x509ce_CertificateTemplate(FALSE, tvb, offset, &asn1_ctx, tree, hf_x509ce_CertificateTemplate_PDU);
  return offset;
 }
+static int dissect_NtdsCaSecurity_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+  int offset = 0;
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  offset = dissect_x509ce_NtdsCaSecurity(FALSE, tvb, offset, &asn1_ctx, tree, hf_x509ce_NtdsCaSecurity_PDU);
+  return offset;
+}
+static int dissect_NtdsObjectSid_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
+  int offset = 0;
+  asn1_ctx_t asn1_ctx;
+  asn1_ctx_init(&asn1_ctx, ASN1_ENC_BER, TRUE, pinfo);
+  offset = dissect_x509ce_NtdsObjectSid(FALSE, tvb, offset, &asn1_ctx, tree, hf_x509ce_NtdsObjectSid_PDU);
+  return offset;
+}
 static int dissect_EntrustVersionInfo_PDU(tvbuff_t *tvb _U_, packet_info *pinfo _U_, proto_tree *tree _U_, void *data _U_) {
  int offset = 0;
  asn1_ctx_t asn1_ctx;
@ -2127,6 +2198,14 @@ void proto_register_x509ce(void) {
      { "CertificateTemplate", "x509ce.CertificateTemplate_element",
        FT_NONE, BASE_NONE, NULL, 0,
        NULL, HFILL }},
+    { &hf_x509ce_NtdsCaSecurity_PDU,
+      { "NtdsCaSecurity", "x509ce.NtdsCaSecurity_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_x509ce_NtdsObjectSid_PDU,
+      { "NtdsObjectSid", "x509ce.NtdsObjectSid_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
    { &hf_x509ce_EntrustVersionInfo_PDU,
      { "EntrustVersionInfo", "x509ce.EntrustVersionInfo_element",
        FT_NONE, BASE_NONE, NULL, 0,
@ -2643,6 +2722,18 @@ void proto_register_x509ce(void) {
      { "templateMinorVersion", "x509ce.templateMinorVersion",
        FT_INT32, BASE_DEC, NULL, 0,
        "INTEGER", HFILL }},
+    { &hf_x509ce_ntdsObjectSid,
+      { "ntdsObjectSid", "x509ce.ntdsObjectSid_element",
+        FT_NONE, BASE_NONE, NULL, 0,
+        NULL, HFILL }},
+    { &hf_x509ce_type_id_01,
+      { "type-id", "x509ce.type_id",
+        FT_OID, BASE_NONE, NULL, 0,
+        "OBJECT_IDENTIFIER", HFILL }},
+    { &hf_x509ce_sid,
+      { "sid", "x509ce.sid",
+        FT_STRING, BASE_NONE, NULL, 0,
+        "PrintableString", HFILL }},
    { &hf_x509ce_entrustVers,
      { "entrustVers", "x509ce.entrustVers",
        FT_STRING, BASE_NONE, NULL, 0,
@ -2828,6 +2919,8 @@ void proto_register_x509ce(void) {
    &ett_x509ce_EnhancedCertificateAssertion,
    &ett_x509ce_AltName,
    &ett_x509ce_CertificateTemplate,
+    &ett_x509ce_NtdsCaSecurity,
+    &ett_x509ce_NtdsObjectSid_U,
    &ett_x509ce_EntrustVersionInfo,
    &ett_x509ce_EntrustInfoFlags,
    &ett_x509ce_ScramblerCapabilities,
@ -2886,6 +2979,8 @@ void proto_reg_handoff_x509ce(void) {
  register_ber_oid_dissector("2.5.13.65", dissect_EnhancedCertificateAssertion_PDU, proto_x509ce, "id-mr-enhancedCertificateMatch");
  register_ber_oid_dissector("1.3.6.1.4.1.311.21.7", dissect_CertificateTemplate_PDU, proto_x509ce, "id-ms-certificate-template");
  register_ber_oid_dissector("1.3.6.1.4.1.311.21.10", dissect_CertificatePoliciesSyntax_PDU, proto_x509ce, "id-ms-application-certificate-policies");
+  register_ber_oid_dissector("1.3.6.1.4.1.311.25.2", dissect_NtdsCaSecurity_PDU, proto_x509ce, "id-ms-ntds-ca-security");
+  register_ber_oid_dissector("1.3.6.1.4.1.311.25.2.1", dissect_NtdsObjectSid_PDU, proto_x509ce, "id-ms-ntds-object-sid");
  register_ber_oid_dissector("1.2.840.113533.7.65.0", dissect_EntrustVersionInfo_PDU, proto_x509ce, "id-ce-entrustVersionInfo");

  register_ber_oid_dissector("2.5.29.24", dissect_x509ce_invalidityDate_callback, proto_x509ce, "id-ce-invalidityDate");